Hi Ian,

> Then, logically, a *.TLD cert indicates a valid
> wildcard range of addresses, and is therefore
> an identity, albeit a broad one. But, given that
> CAs who have nothing to do with TLDs can
> then issue a wildcard covering an entire TLD,
> I'd be inclined to say that a political not technical
> decision should be made that a *.TLD be treated
> as a special case that gets a special treatment.

Any decent CA should block a *.tld cert, even a *.d1.tld as well, where d1 is a 'generic one'. For example it would be almost just as bad to issue *.co.uk or *.com.au as *.net. The list of these domains is pretty long and isn't exactly static.

Cheers, V.
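The issuance check described in the reply above, sketched as an added example (not code from the original post or from any CA). The suffix set is a small constructed sample and the function names are hypothetical; the `*.` wildcard and `!` exception rule syntax follows the Public Suffix List format, and a production check would load a maintained, regularly refreshed list because the set is long and changes.

```python
# Constructed sample of registry-controlled suffixes (assumption, not a real list).
# "*.ck" means every label directly under ck is a suffix; "!www.ck" is an exception.
SAMPLE_SUFFIX_RULES = {"com", "net", "uk", "co.uk", "au", "com.au",
                       "ck", "*.ck", "!www.ck"}


def public_suffix(domain, rules=SAMPLE_SUFFIX_RULES):
    """Return the registry-controlled suffix of `domain` using PSL-style matching."""
    labels = domain.lower().rstrip(".").split(".")
    best = labels[-1:]  # unknown TLDs fall back to a one-label suffix
    for i in range(len(labels)):          # longest candidate first
        candidate = labels[i:]
        name = ".".join(candidate)
        if "!" + name in rules:           # exception: suffix is one label shorter
            return ".".join(candidate[1:])
        wildcard = ".".join(["*"] + candidate[1:])
        if (name in rules or wildcard in rules) and len(candidate) > len(best):
            best = candidate
    return ".".join(best)


def check_wildcard_request(san, rules=SAMPLE_SUFFIX_RULES):
    """Return (allowed, reason) for a requested dNSName that may contain '*'."""
    labels = san.lower().rstrip(".").split(".")
    if "*" not in san:
        return True, "not a wildcard"
    if labels[0] != "*" or any("*" in label for label in labels[1:]):
        return False, "wildcard must be the entire leftmost label"
    base = ".".join(labels[1:])
    if not base:
        return False, "bare wildcard"
    suffix = public_suffix(base, rules)
    if suffix == base:
        return False, f"{base} is a registry-controlled suffix"
    return True, f"{base} is below suffix {suffix}"


if __name__ == "__main__":
    for name in ["*.net", "*.co.uk", "*.com.au", "*.example.co.uk",
                 "*.example.ck", "*.www.ck", "*.unknowntld", "w*.example.com"]:
        print(name, check_wildcard_request(name))
```
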
